Class | Line # | Actions | |||||
---|---|---|---|---|---|---|---|
SecurityAuthorizationScriptService | 45 | 6 | 0% | 6 | 6 |
1 | /* | |
2 | * See the NOTICE file distributed with this work for additional | |
3 | * information regarding copyright ownership. | |
4 | * | |
5 | * This is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU Lesser General Public License as | |
7 | * published by the Free Software Foundation; either version 2.1 of | |
8 | * the License, or (at your option) any later version. | |
9 | * | |
10 | * This software is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | * Lesser General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU Lesser General Public | |
16 | * License along with this software; if not, write to the Free | |
17 | * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | |
18 | * 02110-1301 USA, or see the FSF site: http://www.fsf.org. | |
19 | */ | |
20 | package org.xwiki.security.authorization.script; | |
21 | ||
22 | import javax.inject.Inject; | |
23 | import javax.inject.Named; | |
24 | import javax.inject.Singleton; | |
25 | ||
26 | import org.xwiki.component.annotation.Component; | |
27 | import org.xwiki.model.reference.DocumentReference; | |
28 | import org.xwiki.model.reference.EntityReference; | |
29 | import org.xwiki.script.service.ScriptService; | |
30 | import org.xwiki.security.authorization.AccessDeniedException; | |
31 | import org.xwiki.security.authorization.AuthorizationManager; | |
32 | import org.xwiki.security.authorization.ContextualAuthorizationManager; | |
33 | import org.xwiki.security.authorization.Right; | |
34 | import org.xwiki.security.script.SecurityScriptService; | |
35 | ||
36 | /** | |
37 | * Security Authorization Script Service. | |
38 | * | |
39 | * @version $Id: 73e8d98bba5045e0d33e70a39bd7ae52767c6d24 $ | |
40 | * @since 6.1RC1 | |
41 | */ | |
42 | @Component | |
43 | @Named(SecurityScriptService.ROLEHINT + '.' + SecurityAuthorizationScriptService.ID) | |
44 | @Singleton | |
45 | public class SecurityAuthorizationScriptService implements ScriptService | |
46 | { | |
47 | /** | |
48 | * The role hint of this component. | |
49 | */ | |
50 | public static final String ID = "authorization"; | |
51 | ||
52 | @Inject | |
53 | private AuthorizationManager authorizationManager; | |
54 | ||
55 | @Inject | |
56 | private ContextualAuthorizationManager contextualAuthorizationManager; | |
57 | ||
58 | /** | |
59 | * Check if access identified by {@code right} on the current entity is allowed in the current context. | |
60 | * The context includes information like the authenticated user, the current macro being executed, the rendering | |
61 | * context restriction, the dropping of rights by macro, etc... | |
62 | * This function should be used at security checkpoint. | |
63 | * | |
64 | * @param right the right needed for execution of the action | |
65 | * @throws AccessDeniedException if the action should be denied, which may also happen when an error occurs | |
66 | */ | |
67 | 0 | public void checkAccess(Right right) throws AccessDeniedException |
68 | { | |
69 | 0 | contextualAuthorizationManager.checkAccess(right); |
70 | } | |
71 | ||
72 | /** | |
73 | * Verifies if access identified by {@code right} on the current entity would be allowed in the current context. | |
74 | * The context includes information like the authenticated user, the current macro being executed, the rendering | |
75 | * context restriction, the dropping of rights by macro, etc... | |
76 | * This function should be used for interface matters, use {@link #checkAccess} at security checkpoints. | |
77 | * | |
78 | * @param right the right to check . | |
79 | * @return {@code true} if the user has the specified right on the entity, {@code false} otherwise | |
80 | */ | |
81 | 20484 | public boolean hasAccess(Right right) |
82 | { | |
83 | 20483 | return contextualAuthorizationManager.hasAccess(right); |
84 | } | |
85 | ||
86 | /** | |
87 | * Check if access identified by {@code right} on the given entity is allowed in the current context. | |
88 | * The context includes information like the authenticated user, the current macro being executed, the rendering | |
89 | * context restriction, the dropping of rights by macro, etc... | |
90 | * This function should be used at security checkpoint. | |
91 | * | |
92 | * @param right the right needed for execution of the action | |
93 | * @param entityReference the entity on which to check the right | |
94 | * @throws AccessDeniedException if the action should be denied, which may also happen when an error occurs | |
95 | */ | |
96 | 0 | public void checkAccess(Right right, EntityReference entityReference) throws AccessDeniedException |
97 | { | |
98 | 0 | contextualAuthorizationManager.checkAccess(right, entityReference); |
99 | } | |
100 | ||
101 | /** | |
102 | * Verifies if access identified by {@code right} on the given entity would be allowed in the current context. | |
103 | * The context includes information like the authenticated user, the current macro being executed, the rendering | |
104 | * context restriction, the dropping of rights by macro, etc... | |
105 | * This function should be used for interface matters, use {@link #checkAccess} at security checkpoints. | |
106 | * | |
107 | * @param right the right to check. | |
108 | * @param entityReference the entity on which to check the right | |
109 | * @return {@code true} if the user has the specified right on the entity, {@code false} otherwise | |
110 | */ | |
111 | 44446 | public boolean hasAccess(Right right, EntityReference entityReference) |
112 | { | |
113 | 44446 | return contextualAuthorizationManager.hasAccess(right, entityReference); |
114 | } | |
115 | ||
116 | /** | |
117 | * Check if the user identified by {@code userReference} has the access identified by {@code right} on the | |
118 | * entity identified by {@code entityReference}. Note that some rights may be checked higher in hierarchy of the | |
119 | * provided entity if such right is not enabled at lowest hierarchy level provided. | |
120 | * This function should be used at security checkpoint. | |
121 | * | |
122 | * @param right the right needed for execution of the action | |
123 | * @param userReference the user to check the right for | |
124 | * @param entityReference the entity on which to check the right | |
125 | * @throws AccessDeniedException if the action should be denied, which may also happen when an error occurs | |
126 | */ | |
127 | 0 | public void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference) |
128 | throws AccessDeniedException | |
129 | { | |
130 | 0 | authorizationManager.checkAccess(right, userReference, entityReference); |
131 | } | |
132 | ||
133 | /** | |
134 | * Verifies if the user identified by {@code userReference} has the access identified by {@code right} on the | |
135 | * entity identified by {@code entityReference}. Note that some rights may be checked higher in hierarchy of the | |
136 | * provided entity if such right is not enabled at lowest hierarchy level provided. | |
137 | * This function should be used for interface matters, use {@link #checkAccess} at security checkpoints. | |
138 | * | |
139 | * @param right the right to check . | |
140 | * @param userReference the user to check the right for | |
141 | * @param entityReference the entity on which to check the right | |
142 | * @return {@code true} if the user has the specified right on the entity, {@code false} otherwise | |
143 | */ | |
144 | 1285 | public boolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference) |
145 | { | |
146 | 1285 | return authorizationManager.hasAccess(right, userReference, entityReference); |
147 | } | |
148 | } |